Calculated Risk: How banks make sure they stay off the Barings path The finance industry

has increased its awareness of risk management practices as a result of high profile failures abroad, advances in technology and developments in the regulatory process. There has been an increased emphasis on the quality of internal management systems as a key defence against large trading losses such as those experienced at Barings, Daiwa, Sumitomo and National Westminster.1 Advances in technology have enabled institutions to develop more sophisticated systems for monitoring and controlling risk. Regulatory developments have contributed by recognising the more rigorous risk management methodology contained in banks internal models for the purpose of setting market risk capital standards. With the shift in focus to risk management, there has been ever increasing attention devoted to the quantitative rocket scientist elements underlying trading products and risk management methodologies. This paper however, steps away from the mathematics and looks at the qualitative framework surrounding the quantitative analysis. It analyses at a practical level the issues involved in risk management across an organisation. It highlights the increasing emphasis on risk management systems, methodologies and practices by institutions and regulators. The paper looks at the significance of the control function in the risk management framework and outlines a number of trends including the growing importance of the risk control unit. It briefly touches on the major issues underlying asset and liability management and examines the contentious issue of defining the trading and banking book. Finally it outlines some market trends including the move away from proprietary trading towards customer generated business. 1.Systems and Technology In a typical dealing room there are a range of different systems across the various markets/products (for example, foreign exchange, interest rates, commodities, equities and options). Traders have access to front end dealing systems with the focus on pricing, position keeping and risk management. The back office and risk management functions have systems to generate confirmations and settlement, produce independent profit and loss and risk exposure reports and monitor limits. The final link in the chain is the accounting function which is responsible for the general ledger system. One of the problems with disparate systems is aggregating data across the various desks in a meaningful and timely fashion. Consolidated profit and loss and risk management reports are generally produced on an end of day (or by early morning the following day) basis. There is a move however, towards further integrating systems with the ultimate goal of intraday risk monitoring. Another problem arising from disparate systems is the process of reconciliation between front and back office systems. The process of reconciliation is vital as it helps identify differences in exposures and profit and loss between front and back office systems. This is a key step in fraud protection but is generally a time consuming and manually intensive process. It is becoming increasingly apparent that it is near impossible to design a super system to cover all products across the different markets. The overall aim has shifted towards interfacing systems and ensuring that front and back office systems speak the same language.
1

A summary of these trading losses is outlined in the Appendix.

Market Risk Management

Page 2

The transition towards systems that involve straight through processing2 is becoming more achievable across dealing rooms, especially where products are relatively standardised, such as foreign exchange. The end result is an increase in efficiency as the process largely eliminates manual intervention and the potential for human error. Banks are also moving towards downloading relevant information from various systems to a data warehouse which is then used to generate market and credit risk, capital and other management reporting. With advances in technology and the increasing emphasis on risk management, there is a move towards developing more sophisticated systems. The proliferation of market risk software packages has meant that even the smaller institutions now have access to relatively sophisticated market risk management systems. One of the real constants in the industry is the continual upgrading of systems as markets and conditions change. An example of this is the use of technology such as object oriented software that can be easily adapted to incorporate new products and risks. Institutions often run into practical problems when implementing new systems across Treasury operations. Implementation of a new system often takes significantly longer than expected because of unanticipated delays in testing, debugging, training and implementation. In some instances, the system might simply fail to live up to expectations and may have to be modified or scaled down to suit the trading environment. In an attempt to address system implementation problems, there has been a move towards having a dedicated project team to monitor and co-ordinate changes and ensure a smooth transition. It is critical that systems development does not lag product development. Problems occur in situations where systems are not capable of processing unusual, more structured transactions conducted by front office staff. In many instances, manual adjustments are required or the current system has to be manipulated in order for the transaction to be processed increasing the probability of fraudulent behaviour and the potential for incorrect processing of transactions. As well as the systems issues associated with new products, it is essential that staff across the entire institution understand the various risks associated with the introduction of a new product. This is where the new product approval process has an integral part to play. The process generally involves detailed documentation outlining the characteristics and risks associated with a new product and how these risks will be managed. Before the product can be traded, sign-off is generally required by the various areas across the bank including the front office, back office, accounting, financial control, risk control, internal audit and senior management. 2.Control Functions Front office trading roles have traditionally been regarded as more prestigious and highly remunerated than corresponding back office functions. Similarly, the capabilities of front office technology has often outstripped that of the back office. There has been an increased focus however, on back office processes, systems and personnel especially after the fallout surrounding the recent trading disasters including Barings, Daiwa and Sumitomo. These cases demonstrate that it is often operational risk and a breakdown of basic internal controls

This involves front and back office systems being interfaced so that once the deal is entered into the front office system it feeds straight through to the back office where it is verified. Deal tickets also automatically print out in the back office.

Market Risk Management

Page 3

rather than mispecified risk management methodologies and systems that pose the greatest risk. Having truly independent back office staff who can understand and analyse the risks associated with more complex transactions, such as derivatives, is just as important as having competent dealers who can trade these instruments. The quality of back office staff has steadily improved in terms of educational requirements, experience and remuneration. However, it still remains the fact that the back office lags behind the front office. There has been a shift towards re-structuring of control functions and the development of an independent risk control unit. The primary function of this unit is to provide an objective review of the trading activities conducted by the front office. Under the market risk capital guidelines, banks that use internal models must have an independent risk control unit that is responsible for the design and implementation of the banks risk management system. At a practical level, risk control units vary in the scope of functions performed and in their level of integrity and independence. The risk control units responsibilities range from treasury support functions to comprehensive units dedicated to monitoring the risk management process. An important requirement for a strong risk control unit is qualified personnel who can understand the risk management information being produced. Accordingly, there is a move towards employing ex-traders to head up the risk control functions. A well resourced and effective internal audit unit is an important control function in the risk management framework. A strong internal audit process provides management with a degree of comfort in the sense that there is a monitoring of activities by a unit independent of the trading function. In this context, while a negative finding in an internal audit report clearly signals problems, provided there are adequate follow-up procedures (to quickly resolve significant weaknesses), the fact that the internal audit function is able to highlight areas of concern is a positive sign. The size, focus and quality of the internal audit function varies dramatically. Audit approaches range from mechanistic ticking off of lists of questions to a more risk based focus. In the risk-based approach the timing of audits is linked to the perceived riskiness of the particular business environment. Areas identified as high risk, such as Treasury, are subject to more frequent audits. The strength and effectiveness of an internal audit team is a function of the resources devoted to the area and how internal audit is perceived within the organisation by senior executives, traders and risk management staff. 3.Segregation of Duties The clear segregation of duties is a fundamental principle of internal control that has long been recognised as the first line of protection against the risk of fraudulent or unauthorised activities. It is important that there are clearly defined, independent reporting lines for both the front office and the back office/risk control functions. The lack of a well defined reporting structure creates a potential conflict of interest and the risk that some trading could be concealed, or incorrectly reported. 4. Risk Management Methodologies Risk measurement methodologies are becoming increasingly sophisticated and some form of Value at Risk (VAR) model is generally used to analyse and monitor market risks. VAR models aim to measure the potential loss on a portfolio that would result if relatively large

Market Risk Management

Page 4

adverse price movements were to occur. VAR is used predominantly as a high level management tool with structural limits, such as basis point values and net open positions, used to influence trader behaviour. VAR is, however, starting to be driven down to the dealer level as traders become more sophisticated and measures such as risk adjusted performance (based on VAR) shape behaviour and move capital to its most efficient use. A comprehensive stress testing program is an essential supplement to a VAR model. Stress testing involves subjecting trading portfolios to unexpected but possible shocks in market or political conditions. This enables an institution to evaluate its capacity to absorb potentially large losses and to identify steps that it can take to reduce its risk and conserve capital. The move moving towards more regular stress testing is in part being driven by the market risk capital requirements whereby banks using internal models will be required to submit the results of their stress testing scenarios to the Reserve Bank on a quarterly basis. 5.Asset and Liability Management For a number of institutions with large balance sheets the interest rate risk lying within the banking book is substantially greater than the market risk sitting within the trading book. Therefore, it is essential that a comprehensive risk management framework is developed, that effectively identifies, measures, monitors and controls interest rate risk exposures. In general, increasing resources and attention is being devoted to balance sheet risk management. Systems used are becoming more sophisticated as institutions move away from traditional gap analysis to simulation of net interest income and market value of equity. State of the art techniques including simulation and option type analysis are being used to analyse the risks underlying the balance sheet in greater detail. The aim is not only to manage these risks but to add value to the entire process. The integrity and timeliness of data on current positions is a key component of the risk measurement process. One of the biggest hurdles is obtaining accurate, timely data across the entire operation from retail banking to Treasury. The problem arises because of the large number of disparate systems that are used. This data aggregation problem implies that detailed analysis of interest rate risk is usually only conducted on a monthly basis. In the interim, however, major movements in the balance sheet are monitored. At smaller institutions, the problem of aggregating data over a number of systems is substantially reduced and this enables the management of interest rate risk on a more frequent basis, often using simpler techniques. The complexity involved in modelling interest rate risk has meant that even Basle Committee on Banking Supervision has deferred the development of a capital standard. The complexity arises from the fact that as well as technical assumptions and economic forecasts one needs to take into account customer behavioural patterns, such as break-outs and prepayment behaviour, which is hard to model accurately. In addition, the difficulties associated with determining objective mark to market values for assets and liabilities (for example, loans) introduces another level of subjectivity to the process. Despite these complexities, the magnitude of potential interest rate risk on the balance sheet implies that banks as well as supervisors will devote more attention to this area over the next few years. 6.Accrual versus Market Value Accounting The question of whether transactions should be classified as trading or investment is a widely debated issue. The fundamental problem is that there are no clear rules that define the boundary between investment and trading positions. The implementation of the market risk

Market Risk Management

Page 5

guidelines will partly address this issue as each bank will be required to agree a trading book policy statement with the Reserve Bank. The statement will establish which activities constitute the trading book and the arrangements in place to prevent inappropriate switching of transactions between the trading and banking books. The difficult issue of defining a trading book within the context of the broad structure of a bank will be addressed in terms of looking at the substance behind the words of a trading book policy statement. 7.Market Trends A well acknowledged trend is the maturing of many of the traditional trading markets. As competition has increased and with products becoming more commoditised, margins have declined and this has lead to a fall in profitability. There has also been a decline in proprietary trading in many banks as a result of lower margins and generally lower levels of market volatility. To counter this, there has been a push to increase income by expanding and generating more value from the customer franchise. The rationale is that customer generated business is more sustainable and significantly less volatile than proprietary trading. The general move is towards selectively targeting markets where institutions have a comparative advantage and attempting to build niches. An example of this is the search for new, more profitable markets, such as commodities and equity related trading. Increasingly, institutions are also attempting to capitalise on natural niches in local and international market and are focusing attention on products and markets where they have a global edge. Treasuries are moving away from being perceived as a simply another profit centre to playing an important role in the overall banking/customer relationship. For example, banks are taking an active role in educating customers about the risks involved with various products, especially in relation to exotic instruments.3 Banks visit corporate clients and make presentations to senior management about the nature of the products and the risks involved. A similar process of education is occurring internally as banks make Board members more aware of the risks underlying both the Treasury and asset and liability management functions. Conclusion Four forces are driving increased awareness of risk management practices: high profile trading disasters; regulatory developments; advances in technology; and the trend away from proprietary trading towards customer generated business. The large losses at financial institutions demonstrated that it is often operational risk and a breakdown of basic internal controls that pose the greatest threat. This has driven an increased focus on back office processes, systems and personnel. Regulatory developments, such as market risk capital requirements and guidelines, have also played their part in accelerating the adoption of increasingly sophisticated methodologies to analyse and monitor market risks. Technological advances have greatly aided the adoption of these more sophisticated systems. The move away from proprietary trading and towards customer generated business has increased the emphasis on educating clients about the risks involved in various products. This process of education has extended internally within financial institutions. Increased awareness of risk management practices should reduce the likelihood of future large trading losses.

Another factor contributing to this increased emphasis on education may have been the fallout associated with the Proctor and Gamble incident.

Market Risk Management

Page 6

Appendix I: Trading Disasters Barings made losses totalling $1.89 billion due to the unauthorised trading activities of Nick Leeson. These activities went undetected as a consequence of a failure of management and other internal controls of the most basic kind. At Sumitomo Corporation, the companys chief copper trader lost an estimated $1.8 billion on futures contracts. Sumitomo did not separate its front office trading activities from its back office processing and control unit. The trader also reportedly declined to take a holiday in his ten years at Sumitomo, thus making it more difficult for auditors to discover his wrongdoing. At Daiwa bank, Toshihide Iguchi accumulated $1.1 billion of losses over 11 years of bond trading in New York. There were a number of internal control weaknesses at the bank including the fact that Iguchi was responsible for both securities trading and custody operations and some related back office functions. The NatWest Group recently announced a 77 million charge against pre-tax profits as a result of losses incurred in the London interest rate options business.